For Europe 2012 was the year of cookies. Although the European directive for the use of cookies was already formulated in 2009, most countries applied the law only in 2012. In the Netherlands the law took effect on the 5th of June this year, but the announcement was only properly made on the 1st of June. Result: panic! Although some parts of the law, including active enforcement, will only take effect on the 1st of January 2013. The online world exploded with analysis, opinions, conclusions and solutions. This change gave me some interesting insights about the way we, as an industry, handled this. Which I want to share with you here.

1. A lot of people have no idea what they’re doing

The first thing I realised when everybody started talking about the cookie law was that nobody really knew what cookies did. I wasn’t really surprised to see that users didn’t know this. The law was introduced because users had no idea what data they released, to whom and what those parties did with that data. Although the law is meant to protect these users it seems like they really don’t know or don’t care about their privacy.

I was more surprised to notice that the majority of website owners had no idea what they did with cookies, or even worse, what cookies they let other companies set through their sites. For example, I noticed a lot of website owners had no idea that when they put social sharing buttons on their sites they basically allowed the social networks to track users on their websites.

When I looked a little further I noticed a lot of online marketers also didn’t really know what this law implicated. Most of them first had to start an extensive research on what this new law really meant. For which things did they actually rely on cookies? A lot of people didn’t know. Not because they were unsuitable for their jobs, but because there’s never been a need to know what they needed the cookies for. Nobody seemed to care.

And lastly the creators of the cookie law didn’t really seem to have a good view of what the law should do. But that’s a whole different story.

Shocking? Maybe, maybe not. It seems like people really focus on what they need to know. If privacy isn’t a real issue for the users, why should it be for other parties? There are however more things to learn.

2. Everybody is looking for a quick fix

Another thing I immediately noticed is that everybody relying on cookies was searching for a quick fix. Asking questions like: How can we comply with the law, without losing any of the features that use cookies? How can we keep our user data without users giving us permission to use cookies? These questions all resulted in discussions about the technical implications of the law and thus resulted in all kinds of technical solutions like cookie-less analytics.

I’ve never really heard strategic solutions. Nobody was talking about the benefits of being honest to your users. To tell them what you are saving, why it’s maybe not really privacy sensitive, and how you are using it for their benefit. The possibilities it offers to have permission from your users to save their data and use them for a better user experience are greater than many people think. These users who give you permission might be more involved with your brand, these users trust you with their data. You better start using it for their benefit.

A first test by Sunweb Holidays in the Netherlands showed that complying to the cookie law didn’t result in a loss of sales. It resulted in 30 percent loss in data, but the users who accepted cookies had a higher conversion rate and time on site. They were more engaged, more willing to buy. Sabine de Vos, web analyst for Sunweb also confirmed the lack of knowledge from users: “99 percent of people who choose, choose for the highest opt-in level (permission for the most cookies). The biggest learning is that users have no idea what cookies do, or they don’t care”.

Knowing that users easily opt-in for the highest opt-in level gives you the possibility to get permission to apply the user data for high levels of personalization, using the cookie permission in your advance. The short-sighted view which is showing now doesn’t really benefit anyone. We need to think in possibilities more than barriers. Not only in this case but for every change there is.

3. Don’t adjust too fast, but be prepared

Although we work in a fast changing business, we should refrain from adjusting to fast to changing situations. This law is a perfect example of that. Yesterday an announcement was made that some politicians are going to try to change the law to work slightly differently. A fully implemented solution compliant to the current situation could become, at least partly, worthless.

The solution isn’t to sit tight either. You have to be prepared. From the 1st of January the supervisory authority (OPTA) can fine offenders with a fine up till € 450.000 without proving you’re using cookies to save personal data. When warned you need to be able to apply the law quickly. Do this in a few steps.

Always start with informing the people who need to know about the law within your company, or your clients. Let them know there’s something happening, which could have implications for them. Don’t tell them yet about the exact implications or how the adapt, but just prepare them and tell them you will keep informing.

Than start analysing the real implications. Make sure you really know what’s going on. Only then present these findings. Inform them what it really means for them in general, but don’t offer a solution yet.

Next you need to inform them about the implications for their situation. In this case analyse the cookies they use, give them insights in what their tracking and start by showing possibilities for their solution. But don’t tell them what to do. Your goal is to get them to make an informed decision about the way to go. Based on your knowledge and insights and their possibilities and needs.

And lastly implement a solution when needed. If you need to test some things before it’s really needed to implement the solution you should start early. If you just can turn the switch, do it when really necessary. As you can you see in this case conditions can change. Don’t invest all your resources in implementing a perfect solution before really necessary. But make sure you can adjust quickly when needed.